640-802
What is a network?
- A Collection of devices that can communicate together
- The Fabric that ties business applications together
Outline:
- Function of a Network
- Pieces of a Network
- Applications that use the Network
- Network Designs
Understanding the Pieces of the Network
Ethernet cable
PC --- Network Interface Card
Router --- WAN + Internet
WAN + Internet --- Service Provider
Switch --- Router
Switch --- Server
Applications that use the Network
Web Browser and FTP
Database Application
Instant Messenger
Email
Online Games
Considerations for Network Applications
Delay
Availability
Speed & Size (units, smallest to largest): Bit, Byte, KiloByte, MegaByte, GigaByte, TeraByte
Network Designs
Bus
Star
Ring
Mythical OSI Model (top to bottom)
Application (top)
-Interfaces with the application
-Provides network access to applications
Presentation
-Generi-fies the data (makes it understandable by applications)
-Encryption services
Session
-Starts and ends sessions
-Logically keeps sessions separate
Transport
-Dictates how the data is sent (reliable, unreliable)
-Defines well-known services (ports)
Network
-Provides logical addressing
-Finds the best path to a destination
Data Link
-Provides physical addressing
-Ensures data is error-free
Physical (bottom)
-Provides access to the cable
-Electrical signals, ones and zeros
Mnemonics: "All People Seem To Need Data Processing" (top down) / "Please Do Not Throw Sausage Pizza Away" (bottom up)
Helps break down network functions (access/permissions, Internet, servers, applications)
Creates standards for equipment manufacturing
Allows vendors to focus on specialized areas of the network
OSI Model in Real World
ftp ftp.cisco.com
netstat
OSI vs TCP/IP
OSI | TCP/IP | TCP/IP Protocol Suite
Application, Presentation, Session | Application | Telnet, FTP, SMTP, DNS, RIP, SNMP
Transport | Host-to-Host Transport Layer | TCP, UDP
Network | Internet | ARP, IP, IGMP, ICMP
Data Link, Physical | Network Access (Network Interface Layer) | Ethernet, Token Ring, Frame Relay, ATM
IP Address Format
Four numbers (octets), each from 0-255, 32 bits in total; used along with a subnet mask and default gateway.
Understanding two address concepts (IP & MAC)
Need for a MAC address
ARP: a broadcast message every PC sends onto the network to find out whether the destination exists on the same network.
Such local broadcasting (ARP) from one PC to another always happens by means of MAC addresses.
Need for an IP address
Needed for transferring data from one network to another.
A router prohibits the local ARP broadcast from passing from one PC to another network; therefore an ARP broadcast is always stopped by a router from going outside.
The local PC instead broadcasts an ARP for its default gateway, which it knows well.
Source IP: fixed
Destination IP: fixed
Source MAC: varies (hop by hop)
Destination MAC: varies (hop by hop)
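The decision described above (ARP for the destination itself when it is on the local subnet, otherwise for the default gateway, with the IP header fixed end to end and the MAC header rewritten at each hop) as a small simulation. This is an added example, not code from the notes; the `Host`, `router_forward` names and the LAN segment table with its addresses and MACs are constructed for the illustration.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# Constructed LAN segment 192.168.1.0/24: the devices that will answer ARP on it.
LAN_SEGMENT = {
    "192.168.1.10": "00:1a:2b:3c:4d:10",   # PC-A
    "192.168.1.20": "00:1a:2b:3c:4d:20",   # PC-B
    "192.168.1.1":  "00:1a:2b:3c:4d:01",   # router inside interface = default gateway
}


class Host:
    def __init__(self, ip, mask, gateway, mac):
        self.ip, self.mac, self.gateway = ip, mac, gateway
        self.network = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        self.arp_cache = {}

    def arp_target(self, dest_ip):
        """Which IP to resolve: the destination itself if it is on my subnet,
        otherwise the default gateway (the router takes it from there)."""
        if ipaddress.ip_address(dest_ip) in self.network:
            return dest_ip
        return self.gateway

    def arp_request(self, target_ip, segment):
        """Broadcast 'who has target_ip?' on my segment. Only a device on this
        segment can answer; routers do not forward the broadcast, so an address
        on another network gets no reply."""
        request = {"dst_mac": BROADCAST_MAC, "src_mac": self.mac, "who_has": target_ip}
        reply_mac = segment.get(target_ip)
        if reply_mac is not None:
            self.arp_cache[target_ip] = reply_mac
        return request, reply_mac

    def build_frame(self, dest_ip, segment):
        """Ethernet frame carrying an IP packet to dest_ip: the IP addresses are
        end to end, the MAC addresses only reach the next hop on this segment."""
        target = self.arp_target(dest_ip)
        if target not in self.arp_cache:
            _, mac = self.arp_request(target, segment)
            if mac is None:
                raise LookupError(f"no ARP reply for {target}")
        return {"src_ip": self.ip, "dst_ip": dest_ip,
                "src_mac": self.mac, "dst_mac": self.arp_cache[target]}


def router_forward(frame, out_mac, next_hop_mac):
    """A router rewrites only the MAC header when it forwards; the IPs stay fixed."""
    return {**frame, "src_mac": out_mac, "dst_mac": next_hop_mac}
```

Running `Host(...).build_frame("8.8.8.8", LAN_SEGMENT)` shows the frame addressed to the router's MAC while `dst_ip` is still the remote host, and `arp_request("8.8.8.8", ...)` returns no reply because nothing on the segment owns that address.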
Default Address Classes
Class A – X.X.X.X 255.0.0.0 – Range 1-126 –16,777,214 Hosts
Class B – X.X.X.X 255.255.0.0 – Range 128-191 – 65,536 Hosts
Class C – X.X.X.X 255.255.255.0 – Range 192-223 – 254 Hosts
Public vs Private Addresses
Public—Usable on the internet and the internal Networks
Private—Usable only on internal networks
Three ranges:
Class A – 10.0.0.0 – 10.255.255.255
Class B – 172.16.0.0 – 172.31.255.255
Class C – 192.168.0.0 – 192.168.255.255
Loopback range used for testing: 127.x.x.x
Auto-Configuration range: 169.254.x.x
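A classifier that applies the tables above (default class by first octet, the three private ranges, the loopback and auto-configuration ranges) to decide whether an address can be used on the Internet. This is an added example, not from the notes; it goes slightly beyond them by also recognising class D (multicast) and class E (experimental) first octets, and the function names are this example's own.

```python
import ipaddress

# Constructed from the address tables above: classful first-octet ranges with their
# default masks, the three private ranges, loopback and auto-configuration.
CLASS_RANGES = [
    (1, 126, "A", "255.0.0.0"),
    (128, 191, "B", "255.255.0.0"),
    (192, 223, "C", "255.255.255.0"),
    (224, 239, "D", None),   # multicast, beyond the notes' A-C table
    (240, 255, "E", None),   # experimental, beyond the notes' A-C table
]
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
AUTOCONF = ipaddress.ip_network("169.254.0.0/16")


def classify(addr: str) -> dict:
    """Return the class letter, default mask and reachability kind of an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError(f"{addr} is not IPv4")
    first_octet = int(ip) >> 24
    cls, mask = "reserved", None          # 0.x.x.x and 127.x.x.x fall outside A-E here
    for low, high, letter, default_mask in CLASS_RANGES:
        if low <= first_octet <= high:
            cls, mask = letter, default_mask
            break
    if ip in LOOPBACK:
        kind = "loopback"
    elif ip in AUTOCONF:
        kind = "auto-configuration"
    elif any(ip in net for net in PRIVATE_RANGES):
        kind = "private"
    elif cls in ("D", "E", "reserved"):
        kind = "not a host address"
    else:
        kind = "public"
    return {"class": cls, "default_mask": mask, "kind": kind}


def usable_on_internet(addr: str) -> bool:
    """Only public class A/B/C addresses are usable as a source on the Internet;
    private, loopback and auto-configuration addresses are internal only."""
    return classify(addr)["kind"] == "public"
```

Note that 172.32.0.1 is public although it looks close to the class B private block, which ends at 172.31.255.255: checking membership in 172.16.0.0/12 rather than comparing second octets by eye is what catches that.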
Differentiate between TCP and UDP
TCP | UDP
Builds connections | Connectionless
Uses sequence numbers | Best-effort delivery
Reliable (uses ACKs) | Unreliable
TCP three-way handshake: SYN, SYN-ACK, ACK
TCP Windowing
Port Numbers
Port Number+IP=Socket/session
www.iana.org/assignments/port-numbers
0-1023 are considered well-known ports.
Fabric of Networks: Ethernet
1973: Xerox invents Ethernet (3 Mbps)
1982: Ethernet standardized between vendors (10 Mbps)
1995: Fast Ethernet emerges (100 Mbps)
2000: Gigabit Ethernet emerges (1000 Mbps)
2002: 10 Gigabit Ethernet emerges (10000 Mbps)
2007: 100 Gigabit Ethernet emerges (100000 Mbps)
Average user uses 5% of the bandwidth out of 100MBPS.
Ethernet lies in between Data Link and Physical Layer.
At the Data Link layer Ethernet again divides into 2 sublayers:
- Logical Link Control (LLC)
- Media Access Control (MAC)
Carrier Sense, Multiple Access / Collision Detection (CSMA/CD)
CSMA/CD is the set of rules governing how you talk on an Ethernet network:
-Carrier: the network signal
-Sense: the ability to detect it
-Multiple Access: all devices have equal access
-Collision: what happens if two devices send at once
-Detection: how the computers handle collisions when they happen
CSMA/CA
Used by Token Ring
Methods of Communicating
Unicast
Multicasting
Broadcasting
MAC Addresses
Consist of 12 hex characters (48 bits):
The first 6 hex characters are the Organizationally Unique Identifier (OUI)
The last 6 hex characters are vendor assigned
www.coffer.com/mac_find
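A parser for the OUI / vendor-assigned split described above, accepting the colon, dash and Cisco dotted notations. This is an added example, not from the notes; it also decodes the two flag bits of the first octet (multicast and locally administered), which the notes do not mention, and the small OUI table is a constructed sample standing in for the online lookup the notes link to.

```python
import re

# Constructed sample OUI table; the notes point to www.coffer.com/mac_find for real lookups.
SAMPLE_OUI_TABLE = {
    "00000c": "Cisco Systems",
    "001a2b": "Example Vendor (constructed entry)",
}


def parse_mac(mac: str) -> dict:
    """Accept 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or Cisco-style 001a.2b3c.4d5e and
    split the 12 hex characters into the OUI (first 6) and the vendor-assigned part
    (last 6). Also decodes the two flag bits of the first octet: bit 0 = I/G
    (group/multicast address), bit 1 = U/L (locally administered)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    first_octet = int(digits[:2], 16)
    return {
        "canonical": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],
        "vendor_assigned": digits[6:],
        "multicast": bool(first_octet & 0x01),
        "locally_administered": bool(first_octet & 0x02),
        "broadcast": digits == "f" * 12,
    }


def vendor_of(mac: str, table=SAMPLE_OUI_TABLE) -> str:
    """Look the OUI up in an OUI table. A locally administered address (U/L bit set,
    e.g. a randomised or virtual-machine MAC) carries no vendor OUI at all."""
    info = parse_mac(mac)
    if info["locally_administered"]:
        return "locally administered (no vendor OUI)"
    return table.get(info["oui"], "unknown OUI")
```

The U/L check matters when an OUI lookup is used for inventory or alerting: a MAC such as 02:00:0c:aa:bb:cc shares its last five octets with a Cisco-looking address but is locally assigned, so the table must not be consulted for it.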
Understanding Ethernet Cable
- Category 5/5e unshielded twisted pair (UTP)
Max distance: 100 meters
Connection: RJ-45
- Multi-mode fiber
Max distance: 275 meters to a few miles
Connection: varies
- Single-mode fiber
Max distance: /Mile to many miles
Connection: varies
Cabling Standards
-T568A + T568A = Straight-through (green/white, green, orange/white, blue, blue/white, orange, brown/white, brown)
-T568B + T568B = Straight-through (orange/white, orange, green/white, blue, blue/white, green, brown/white, brown)
-T568A + T568B = Crossover
-T568B is by far the most common standard.
-Unlike devices use straight-through
-Like devices use crossover
Collision / Broadcast Domain
-Collision domain: how many devices (ports) can send/receive at the same time
-Broadcast domain: how far a broadcast travels until it stops
-A hub is one shared CSMA/CD medium
-When a collision occurs, one of the devices (ports) that detects it sends out a signal known as a JAM.
-The JAM tells all devices about the collision and stops all network communication on the segment, because the data needs to be resent.
Device (4 ports) | Collision Domains | Broadcast Domains
Hub | 1 | 1
Switch | 4 | 1
Router | 4 | 4
-Bridges are slow at learning MAC addresses (software based).
-Switches are hardware based (ASICs) and allow full-duplex communication.
-Hub @ Physical
-Switch @ Data Link
-Router @ Network
-Switch maintains a CAM (content addressable memory) table
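The domain table above computed rather than memorised: every port is a node, a cable joins its two ends, a hub joins all of its ports into one collision domain, and a hub or switch joins all of its ports into one broadcast domain while a router joins nothing. This is an added example, not from the notes; `Topology`, `star` and the device names are this example's own, and the mixed topology in the usage is constructed.

```python
class Topology:
    """Devices with a fixed number of ports, plus cables between ports.
    Kinds: 'hub' (layer 1), 'switch' (layer 2), 'router' (layer 3), 'pc' (endpoint)."""

    def __init__(self):
        self.devices = {}   # name -> (kind, port_count)
        self.links = []     # ((device, port), (device, port))

    def add(self, name, kind, ports=1):
        self.devices[name] = (kind, ports)
        return self

    def connect(self, a, port_a, b, port_b):
        self.links.append(((a, port_a), (b, port_b)))
        return self


def _count(topo, kinds_that_merge_ports):
    """Union-find over every port: a cable joins its two ends, and a device of a
    merging kind joins all of its own ports into one domain."""
    parent = {}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for name, (kind, ports) in topo.devices.items():
        for p in range(ports):
            parent[(name, p)] = (name, p)
        if kind in kinds_that_merge_ports:
            for p in range(1, ports):
                union((name, 0), (name, p))
    for a, b in topo.links:
        union(a, b)
    return len({find(x) for x in parent})


def collision_domains(topo):
    # A hub repeats every signal to all its ports: one collision domain across it.
    return _count(topo, {"hub"})


def broadcast_domains(topo):
    # Hubs and switches flood broadcasts out all ports; only a router stops them.
    return _count(topo, {"hub", "switch"})


def star(kind, n=4):
    """One device of the given kind with n PCs attached, as in the table above."""
    topo = Topology().add("center", kind, n)
    for i in range(n):
        topo.add(f"pc{i}", "pc").connect("center", i, f"pc{i}", 0)
    return topo
```

For a router with a 4-port switch on one interface and a 4-port hub on the other (two PCs on each), the same functions give 5 collision domains and 2 broadcast domains: the switch side contributes one collision domain per port, the hub side only one.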
Cisco IOS
-The Internetwork Operating System
-A command line method of configuring a cisco device
-Software that is consistent across nearly all Cisco devices
-Learn it once, use it many times
-More powerful than any graphical interface
Connecting to the Cisco switch
- Get a console cable
- Plug the serial end into the back of the PC
- Plug the RJ-45 end into the console port on the switch
- Get a terminal program: HyperTerminal, Tera Term, Minicom, SecureCRT
- Set it to connect via the COM port with:
-Baud rate: 9600
-Data bits: 8
-Parity: None
-Stop bits: 1
-Flow control: None
Understanding IOS command modes
User mode (user exec): >
Privileged mode (privileged exec): #
Global configuration mode: (config)#
Device Navigation (line-editing keys)
Ctrl-A: Move cursor to beginning of line
Ctrl-B: Move cursor back one character
Ctrl-D: Delete the character the cursor is on
Ctrl-H: Same as backspace, i.e. delete the character before the cursor
Ctrl-K: Delete characters to end of line. The characters are held in a buffer and can be recalled for later insertion in a command line.
Ctrl-U: Delete to end of line; the characters go to a buffer
Ctrl-V: Used to insert control characters in the command line. It tells the user interface to treat the next character literally, rather than as an editor command.
Ctrl-W: Delete the previous word
Ctrl-Y: Paste the characters from the buffer
Esc <: Show the first line from the history buffer
Esc >: Show the last line from the history buffer
Esc b: Move cursor back one word
Esc d: Delete the word in front of the cursor
Esc f: Move the cursor forward one word
Esc Del: Delete the word before the cursor
Initial setup of a Cisco switch
Understanding the physical indicators
-SYSTEM: system state
-RPS: redundant power supply
-STAT: statistics of the port (default mode)
-UTIL: utilization; if 10% then 2 port LEDs are on, if 20% then maybe 3 or 4, and so on for higher percentages
-DUPLEX: ports set to full duplex blink, ports set to half duplex won't blink
-SPEED: ports blink if the speed is 100, won't blink if the speed is 10
Performing an initial switch configuration
Vlan 1: a fabric; ports assigned to that fabric are members of it
Int Vlan 1: a virtual interface which can be assigned an IP address so that members of the VLAN 1 fabric can access the switch
Configuring switch security
Cisco password cracker: if the encryption level is 7 then one can easily break the password.
Wireshark Network Analyzer: packet sniffer
SSH steps
- Username and password
- Domain name (required in order to generate the certificate/keys)
- Generate the keys
- Version of SSH (ip ssh version 2)
- transport input ssh
-Tera Term web 3.1 (SSH program)
-The terminal monitor command in global mode will log messages when there is activity on ports
MAC Security (port security)
interface <port>
switchport mode access
switchport port-security maximum <count>
switchport port-security violation <protect|restrict|shutdown>
switchport port-security mac-address <mac|sticky>
-show port-security interface <port>
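A model of what the port-security commands above do to arriving frames: up to `maximum` source MACs are learned (plus any statically configured ones) and everything else is a violation handled according to the configured mode. This is an added example, not from the notes; the `PortSecurity` class and the syslog-style message text are constructed for the illustration, modelled on the protect/restrict/shutdown behaviour IOS documents.

```python
class PortSecurity:
    """Model of 'switchport port-security' on an access port. Violation modes as IOS
    defines them:
      protect  - drop frames from unknown MACs silently
      restrict - drop them, count the violation and raise a syslog/SNMP notification
      shutdown - drop them and put the port into err-disabled (the default)"""

    def __init__(self, maximum=1, violation="shutdown", static_macs=()):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation must be protect, restrict or shutdown")
        self.maximum = maximum
        self.violation = violation
        self.secure_macs = set(m.lower() for m in static_macs)
        self.violation_count = 0
        self.err_disabled = False
        self.log = []   # constructed syslog-style messages

    def ingress(self, src_mac):
        """Decide what happens to a frame arriving with this source MAC."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped: port err-disabled"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)          # dynamic learning
            return "forwarded (learned)"
        # Over the maximum with an unknown source: this is a violation.
        if self.violation == "protect":
            return "dropped"
        self.violation_count += 1
        self.log.append(f"port-security violation: unknown source {src_mac} (constructed message)")
        if self.violation == "restrict":
            return "dropped (violation counted, notification sent)"
        self.err_disabled = True
        return "dropped (port shut down)"

    def status(self):
        """The fields an operator checks with 'show port-security interface'."""
        return {
            "port_status": "err-disabled" if self.err_disabled else "secure-up",
            "violation_mode": self.violation,
            "maximum": self.maximum,
            "secure_macs": sorted(self.secure_macs),
            "violation_count": self.violation_count,
        }
```

The difference between the modes is what an operator sees afterwards: `protect` leaves no trace at all, `restrict` keeps the port up but counts and reports each offending frame, and `shutdown` takes the port down so that even the legitimate MAC stops forwarding until the port is recovered.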
Configuring speed and duplex
-Default: auto
interface <port>
duplex <auto|full|half>
speed <10|100|auto>
Optimizing the Device
- logging synchronous: now a command can be typed without interruption from console messages
- exec-timeout 30 0 (minutes seconds)
- no exec-timeout (unlimited connectivity)
-Default idle time is 300 seconds before being kicked off the device
- no ip domain-lookup
- alias exec s show ip interface brief (alias <mode> <alias> <actual command>)
STP
-Switches forward broadcast packets out all ports by design
-Redundant connections are necessary in business networks
-The place of STP: drop trees on redundant links (until they are needed)
Troubleshooting using show commands
show ip interface brief
show interfaces
show run
Types of Wireless Networks
Personal Area Network (PAN)
Local Area Network (LAN)
Metropolitan Area Network (MAN)
Wide Area Network (WAN)
Wireless LAN Facts
-A wireless access point (WAP) communicates like a hub: shared signal, half duplex
-Uses unlicensed bands of radio frequency (RF)
-Wireless is a Physical and Data Link layer standard
-Uses CSMA/CA instead of CSMA/CD
-Faces connectivity issues because of interference
Unlicensed Frequencies
900 MHz range: 900 - 928 MHz
2.4 GHz range: 2.400 - 2.483 GHz
5 GHz range: 5.150 - 5.350 GHz
-The lower the frequency, the further the range (but the lower the bandwidth)
RF
-RF waves are absorbed (passing through walls) or reflected (by metal)
-Higher data rates have shorter ranges
-Higher frequencies of RF have higher data rates
-Higher frequencies of RF have shorter ranges
*Check out Cisco's Wireless Explorer game
802.11 Lineup
802.11b
-Official as of September 1999
-Frequency 2.4 GHz
-Up to 11 Mbps (1, 2, 5.5, 11 data rates)
-Most popular standard
-3 clean channels
802.11g
-Official as of June 2003
-Frequency 2.4 GHz
-Backwards compatible with 802.11b
-Up to 54 Mbps (12 data rates)
-3 clean channels
802.11a
-Official as of September 1999
-Frequency 5.8 GHz
-Up to 54 Mbps
-Not compatible with 802.11b/g
-12 to 23 clean channels
802.11n
-Up to 100 Mbps
-MIMO (multiple input, multiple output)
The Power over the Wireless World
ITU-R (International Telecommunication Union - Radiocommunication Sector): regulates the radio frequencies used for wireless transmission
IEEE (Institute of Electrical and Electronics Engineers): maintains the 802.11 wireless transmission standards
Wi-Fi Alliance: ensures certified interoperability between 802.11 wireless vendors
Wireless Dangers
Wireless Security
Authentication
Encryption
Intrusion Prevention System
Encryption and Authentication Combinations
Originally: pre-shared key WEP (weak)
Evolution #1: pre-shared key WPA1 (interim solution, used TKIP encryption)
Evolution #2: WPA1 and 802.1x authentication
Evolution #3: WPA2 (802.11i) and 802.1x authentication
Understanding the SSID
-The service set identifier (SSID) uniquely identifies and separates wireless networks
-When a wireless client is enabled:
- Client issues a probe
- Access point(s) respond with a beacon
- Client associates with the chosen SSID
- Access point adds the client MAC to its association table
Correct Design of a WLAN
-RF service areas should have 10-15% overlap
-Repeaters should have 50% overlap
-Bordering access points should use different channels
Setting up a Wireless Network
- Pre-test the switch port with a laptop (DHCP, DNS, etc.)
- Connect the WAP
- Set up and test the SSID with no security
- Add and test security (pre-shared key)
- Add and test authentication (802.1x)
Reviewing IP Basics
IPv4 Address:
-Four-octet (byte) address
-Can be one of three different classes
-When combined with a subnet mask, defines a network and host portion
-Operates at layer 3 of the OSI Model
Network Scenario #1 (216.21.5.0 255.255.255.0), need 5 networks
Network Requirements
1-Determine the number of networks and convert to binary: 5 = 00000101 (3 bits)
2-Reserve bits in the subnet mask and find your increment:
255.255.255.0 = 11111111.11111111.11111111.00000000
borrow 3 bits: 11111111.11111111.11111111.11100000 = 255.255.255.224 (increment 32)
3-Use the increment to find your network ranges:
216.21.5.0 - 216.21.5.31
216.21.5.32 - 216.21.5.63
216.21.5.64 - 216.21.5.95
216.21.5.96 - ...
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Network Scenario #2 (195.5.20.0 255.255.255.0), need 50 networks
Network Requirements
1-Determine the number of networks and convert to binary: 50 = 00110010 (6 bits)
2-Reserve bits in the subnet mask and find your increment:
255.255.255.0 = 11111111.11111111.11111111.00000000
borrow 6 bits: 11111111.11111111.11111111.11111100 = 255.255.255.252 (increment 4)
3-Use the increment to find your network ranges:
195.5.20.0 - 195.5.20.3
195.5.20.4 - 195.5.20.7
195.5.20.8 - 195.5.20.11
195.5.20.12 - 195.5.20.15
195.5.20.16 - 195.5.20.19
195.5.20.20 - ...
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Network Scenario #3 (150.5.0.0 255.255.0.0), need 100 networks
Network Requirements
1-Determine the number of networks and convert to binary: 100 = 01100100 (7 bits)
2-Reserve bits in the subnet mask and find your increment:
255.255.0.0 = 11111111.11111111.00000000.00000000
borrow 7 bits: 11111111.11111111.11111110.00000000 = 255.255.254.0 (increment 2 in the third octet)
3-Use the increment to find your network ranges:
150.5.0.0 - 150.5.1.255
150.5.2.0 - 150.5.3.255
150.5.4.0 - 150.5.5.255
150.5.6.0 - 150.5.7.255
150.5.8.0 - ...
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Network Scenario #4 (10.0.0.0 255.0.0.0), need 500 networks
Network Requirements
1-Determine the number of networks and convert to binary: 500 = 111110100 (9 bits)
2-Reserve bits in the subnet mask and find your increment:
255.0.0.0 = 11111111.00000000.00000000.00000000
borrow 9 bits: 11111111.11111111.10000000.00000000 = 255.255.128.0 (increment 128 in the third octet)
3-Use the increment to find your network ranges:
10.0.0.0 - 10.0.127.255
10.0.128.0 - 10.0.255.255
10.1.0.0 - 10.1.127.255
10.1.128.0 - 10.1.255.255
10.2.0.0 - ...
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Practice
1-(C) 200.1.1.0, 40 Networks
2-(C) 199.9.10.0, 14 Networks
3-(B) 170.50.0.0, 1000 Networks
4-(A) 12.0.0.0, 25 Networks
Network Scenario #1 (216.21.5.0 255.255.255.0), need 30 hosts
Network Requirements
1-Determine the number of hosts and convert to binary: 30 = 00011110 (5 host bits)
2-Reserve the host bits (the remaining bits stay in the subnet mask) and find your increment:
255.255.255.0 = 11111111.11111111.11111111.00000000
keep 5 host bits: 11111111.11111111.11111111.11100000 = 255.255.255.224 (increment 32)
3-Use the increment to find your network ranges:
216.21.5.0 - 216.21.5.31
216.21.5.32 - 216.21.5.63
216.21.5.64 - 216.21.5.95
216.21.5.96 - ...
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Network Scenario #2 (195.5.20.0 255.255.255.0), need 50 hosts
Network Requirements
1-Determine the number of hosts and convert to binary: 50 = 00110010 (6 host bits)
2-Reserve the host bits and find your increment:
255.255.255.0 = 11111111.11111111.11111111.00000000
keep 6 host bits: 11111111.11111111.11111111.11000000 = 255.255.255.192 (increment 64)
3-Use the increment to find your network ranges:
195.5.20.0 - 195.5.20.63
195.5.20.64 - 195.5.20.127
195.5.20.128 - 195.5.20.191
195.5.20.192 - 195.5.20.255
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Network Scenario #3 (150.5.0.0 255.255.0.0), need 500 hosts
Network Requirements
1-Determine the number of hosts and convert to binary: 500 = 111110100 (9 host bits)
2-Reserve the host bits and find your increment:
255.255.0.0 = 11111111.11111111.00000000.00000000
keep 9 host bits: 11111111.11111111.11111110.00000000 = 255.255.254.0 (increment 2 in the third octet)
3-Use the increment to find your network ranges:
150.5.0.0 - 150.5.1.255
150.5.2.0 - 150.5.3.255
150.5.4.0 - 150.5.5.255
150.5.6.0 - 150.5.7.255
150.5.8.0 - ...
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Network Scenario #4 (10.0.0.0 255.0.0.0), need 100 hosts
Network Requirements
1-Determine the number of hosts and convert to binary: 100 = 01100100 (7 host bits)
2-Reserve the host bits and find your increment:
255.0.0.0 = 11111111.00000000.00000000.00000000
keep 7 host bits: 11111111.11111111.11111111.10000000 = 255.255.255.128 (increment 128)
3-Use the increment to find your network ranges:
10.0.0.0 - 10.0.0.127
10.0.0.128 - 10.0.0.255
10.0.1.0 - 10.0.1.127
10.0.1.128 - 10.0.1.255
10.0.2.0 - 10.0.2.127
10.0.2.128 - 10.0.2.255
Note: Can't use the first ID (network ID) or the last ID (broadcast ID).
Practice
1-(C) 200.1.1.0, 40 Hosts
2-(C) 199.9.10.0, 12 Hosts
3-(B) 170.50.0.0, 1000 Hosts
4-(A) 12.0.0.0, 100 Hosts
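The three-step procedure of the network and host scenarios above in code, so the practice questions can be checked. This is an added example, not from the notes; the function names are this example's own. It reproduces the notes' arithmetic for both directions (borrow bits for a number of networks, or keep bits for a number of hosts) and, for the host direction, adds the two reserved addresses from the notes' closing remark before sizing, which matters when the host count is itself a power of two.

```python
import ipaddress
from itertools import islice


def bits_needed(count: int) -> int:
    """Smallest number of bits b with 2**b >= count (step 1 of the scenarios)."""
    bits = 0
    while 2 ** bits < count:
        bits += 1
    return bits


def prefix_for_networks(base: str, networks: int) -> int:
    """Borrow host bits until there are enough subnets; returns the new prefix length."""
    net = ipaddress.ip_network(base, strict=False)
    prefix = net.prefixlen + bits_needed(networks)
    if prefix > 30:
        raise ValueError("not enough host bits left for usable subnets")
    return prefix


def prefix_for_hosts(base: str, hosts: int) -> int:
    """Keep enough host bits for `hosts` addresses plus the network and broadcast
    IDs that cannot be assigned; returns the new prefix length."""
    net = ipaddress.ip_network(base, strict=False)
    prefix = 32 - bits_needed(hosts + 2)
    if prefix < net.prefixlen:
        raise ValueError("more hosts than the base network can hold")
    return prefix


def increment(prefix: int) -> int:
    """The 'increment' of step 2: the block size inside the octet where the mask ends."""
    block = 2 ** (32 - prefix)
    octet_index = (prefix - 1) // 8          # 0..3: which octet the mask ends in
    return block >> (8 * (3 - octet_index))


def plan(base: str, prefix: int, show: int = 4) -> dict:
    """Steps 2 and 3: new mask, increment, usable hosts per subnet and the first
    `show` ranges (taken from the generator, so splitting a /8 into /25s does not
    build 131072 network objects)."""
    net = ipaddress.ip_network(base, strict=False)
    subnets = list(islice(net.subnets(new_prefix=prefix), show))
    return {
        "mask": str(subnets[0].netmask),
        "increment": increment(prefix),
        "usable_hosts": subnets[0].num_addresses - 2,
        "ranges": [(str(s.network_address), str(s.broadcast_address)) for s in subnets],
    }
```

`plan("216.21.5.0/24", prefix_for_networks("216.21.5.0/24", 5))` returns the 255.255.255.224 mask, increment 32 and the 216.21.5.0 - 216.21.5.31 ranges of Scenario #1; the base may also be written with a dotted mask, as the scenarios do.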
Initial Router Configuration
Understanding Physical Indicators
Console
Auxiliary
Fast Ethernet
WIC
T1
Router Boot & Initial Configuration
#banner motd @
It's a secure router
@
#logging synchronous
#line con 0
#exec-timeout 30 0
#show ip interface brief
#interface range 0 - 3
SDM and DHCP Server Configuration
-Security Device Manager
-A graphical user interface (GUI) that you can use to configure and manage your router
-Web-based
-Works on all mainline Cisco routers
-Designed to allow IOS configuration without extensive
Configuring the router to support SDM
- Generate encryption keys (used in SSH and HTTPS)
#ip domain-name phq.com
#crypto key generate rsa general-keys
- Turn on the HTTP/HTTPS servers on the router
#ip http server
#ip http secure-server
- Create a privilege level 15 user account
#username Jeremy privilege 15 secret/password Cisco
- Configure the VTY ports and HTTP access for privilege level 15 and to use the local user database
#ip http authentication local (for HTTP access)
#line vty 0 4
#login local
- Install Java on the PC and access the router using a web browser
Understanding DHCP
-DHCP allows you to give devices IP addresses without manual configuration
-Addresses are typically given for a limited time (a lease)
-Can be "manually allocated" for key network devices
-DHCP servers can be server-based or router-based
DHCP Process
Client -> Server: DHCP Discover (broadcast)
Server -> Client: DHCP Offer (unicast)
Client -> Server: DHCP Request (unicast)
Server -> Client: DHCP ACK (unicast)
Using SDM to configure a DHCP Server
DHCP Pools > Add >
Note: By making the router the DHCP server, the clients automatically get IP addresses; hence there is no need for a Windows DHCP server.
DHCP Pool Status
SDM > Additional Tasks > DHCP Pools > DHCP Pool Status
#show ip dhcp binding
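The Discover / Offer / Request / ACK exchange above with both sides' messages, a router-style pool with limited-time leases, the "manually allocated" reservations for key devices, and a `bindings()` view of what `show ip dhcp binding` would list. This is an added example, not from the notes; the classes, field names, addresses and MACs are constructed. It follows the notes in sending the Request as unicast; in the actual protocol (RFC 2131) the client normally broadcasts the Request so that any other offering servers see which offer it accepted.

```python
import ipaddress

BROADCAST_IP = "255.255.255.255"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class DhcpServer:
    """Router-based DHCP pool: dynamic leases for a limited time, plus 'manually
    allocated' reservations for key devices. All values here are constructed."""

    def __init__(self, pool, server_ip, gateway, dns, lease_seconds=86400,
                 server_mac="00:1a:2b:3c:4d:01", excluded=(), reservations=None):
        self.pool = ipaddress.ip_network(pool)
        self.server_ip, self.server_mac = server_ip, server_mac
        self.gateway, self.dns, self.lease_seconds = gateway, dns, lease_seconds
        self.excluded = set(excluded) | {server_ip, gateway}
        self.reservations = {m.lower(): ip for m, ip in (reservations or {}).items()}
        self.leases = {}    # mac -> (ip, expiry time)
        self.offers = {}    # xid -> (mac, ip) waiting for a REQUEST

    def _free_address(self, now):
        taken = {ip for ip, exp in self.leases.values() if exp > now}
        taken |= set(self.reservations.values()) | self.excluded
        for host in self.pool.hosts():
            if str(host) not in taken:
                return str(host)
        raise RuntimeError("DHCP pool exhausted")

    def _choose(self, mac, now):
        if mac in self.reservations:              # manually allocated device
            return self.reservations[mac]
        if mac in self.leases and self.leases[mac][1] > now:
            return self.leases[mac][0]            # renewal keeps the same address
        return self._free_address(now)

    def handle(self, msg, now=0):
        mac = msg["client_mac"].lower()
        if msg["op"] == "DISCOVER":
            ip = self._choose(mac, now)
            self.offers[msg["xid"]] = (mac, ip)
            return {"op": "OFFER", "xid": msg["xid"], "yiaddr": ip, "server_id": self.server_ip,
                    "src_mac": self.server_mac, "dst_ip": ip, "dst_mac": msg["src_mac"]}
        if msg["op"] == "REQUEST":
            offered = self.offers.pop(msg["xid"], None)
            if offered != (mac, msg["requested_ip"]) or msg["server_id"] != self.server_ip:
                return {"op": "NAK", "xid": msg["xid"], "dst_ip": BROADCAST_IP, "dst_mac": msg["src_mac"]}
            self.leases[mac] = (msg["requested_ip"], now + self.lease_seconds)
            return {"op": "ACK", "xid": msg["xid"], "yiaddr": msg["requested_ip"],
                    "mask": str(self.pool.netmask), "router": self.gateway, "dns": self.dns,
                    "lease_time": self.lease_seconds, "dst_ip": msg["requested_ip"],
                    "dst_mac": msg["src_mac"]}
        raise ValueError(f"unexpected message {msg['op']}")

    def bindings(self, now=0):
        """What 'show ip dhcp binding' would list: the leases still active at `now`."""
        return {mac: ip for mac, (ip, exp) in self.leases.items() if exp > now}


class DhcpClient:
    def __init__(self, mac):
        self.mac, self.ip, self.config = mac.lower(), None, None

    def obtain(self, server, now=0, xid=1):
        """Run the four-step exchange from the notes; returns the messages in order."""
        discover = {"op": "DISCOVER", "xid": xid, "client_mac": self.mac, "src_mac": self.mac,
                    "dst_ip": BROADCAST_IP, "dst_mac": BROADCAST_MAC}
        offer = server.handle(discover, now)
        request = {"op": "REQUEST", "xid": xid, "client_mac": self.mac, "src_mac": self.mac,
                   "requested_ip": offer["yiaddr"], "server_id": offer["server_id"],
                   "dst_ip": offer["server_id"], "dst_mac": offer["src_mac"]}
        ack = server.handle(request, now)
        if ack["op"] == "ACK":
            self.ip, self.config = ack["yiaddr"], ack
        return [discover, offer, request, ack]
```

The server answers a Request with a NAK when it never offered that address to that client (no matching transaction), which is also what a client sees when it asks for a lease the server has since given away.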
Implementing Static Routing
ip route <destination network> <mask> <next hop>
Default route: ip route 0.0.0.0 0.0.0.0 <next hop>
ip name-server <DNS IP (of the service provider)>: lets the router resolve names into IP addresses (e.g. google.com)
With static routing, a router by itself knows only one thing: the networks it is directly connected to.
Implementing Dynamic Routing with RIP
Types of Routing Protocols
-Distance vector
- Easy to configure
- Not many features
- RIP, IGRP
-Link state
- Difficult to configure
- Feature-riffic
- OSPF, IS-IS
-Hybrid
- "The best of both worlds"
- Proprietary
- EIGRP
Understanding RIP
-Algorithm first developed in 1969
-Comes in two versions: RIPv1 and RIPv2
RIPv1:
- Classful version (advertises the network but not the subnet mask; doesn't support VLSM)
- No authentication
- Uses broadcast (every 30 seconds)
RIPv2:
- Classless version (supports VLSM)
- Adds authentication
- Uses multicast
Configuring RIP
- Turn on RIP (global configuration): #router rip
- Change the version: #version 2
- Enter network statements (does 2 things: 1) tells RIP what networks to advertise and 2) tells RIP what interfaces to send advertisements on): #network <network> (e.g. 192.168.1.0)
-no auto-summary: keeps RIP from auto-summarizing to classful network boundaries
Internet Access with NAT and PAT
Understanding the Need for NAT
- NAT allows multiple devices to share an Internet IP address
How NAT works
Inside address <-> Outside address
Static NAT: one to one
PAT: one to many
Configuring NAT using SDM
WAN Connectivity
Styles of WAN Connections
Leased Lines: Dedicated bandwidth between locations
- T1 CAS (channel-Associated Signaling)
- E1 CAS
Circuit Switched: On-demand bandwidth between locations
- Dial-up modems
- ISDN
Packet switched: Shared, but guaranteed, bandwidth between locations
- Frame Relay
- ATM
Configuring Leased Line Connections
L2 Protocols: HDLC (Cisco) and PPP (Open)
Serial Cross-over cable (DCE-DTE)
#Show controllers
#clock rate
Management and Security (Telnet, SSH and CDP)
-<Ctrl+Shift+6> then x: suspend the telnet/ssh session
-resume <number>: leaves the suspended state and rejoins the session, where number identifies the device the session is built to. Typing only the number, without resume, also works.
-show sessions: shows open sessions from your router
-show users: shows open sessions to your router
-disconnect <number>: kills one of your open telnet sessions (number identifies the session to be closed)
-clear line <x>: kills an open telnet session to you (where x is the line number or connection through which a remote user is connected to your router, and which is to be cleared on your router)
Note: the show line command shows how many VTY lines the router has
Understanding the Cisco Discovery Protocol
-Allows seeing directly connected Cisco devices
-Useful for building accurate network diagrams
-show cdp neighbors: shows directly connected devices
-show cdp neighbors detail
-show cdp entry <device name>: shows detail about a neighbor device
-no cdp enable (per interface)
-no cdp run (whole device)
Management and Security (File Management)
Understanding the copy command
-Allows you to move files between components
-Primary components: RAM, NVRAM, FLASH, TFTP
#boot system tftp://192.168.1.50/c2801-adventerprisek9-mz………………………….bin
Rebuilding the small office network (SWITCH)
- Beginning: wipe out configs
#write erase (nvram)
#erase startup-config
- Security: passwords and banner
#enable password ()
#enable secret ()
#line vty 0 4 / line console 0
#password ()
#login
#banner motd )
+++++++++++++++++++++++++++++
Do not log on
+++++++++++++++++++++++++++++
)
- Cosmetics: name, work environment
#hostname ()
#line con 0 / line vty 0 4
#logging synchronous
#line con 0
#no exec-timeout or exec-timeout 0 0 (default 300 sec)
#no ip domain-lookup
- Management: IP address and gateway
#int vlan 1
#ip address 192.168.1.10 255.255.255.0
#no shut
#ip default-gateway 192.168.1.1
- Interfaces: speed, duplex, descriptions
#int fa0/1
#duplex full
#speed 100
#description ()
#show int description
- Verify and backup: CDP, TFTP, show interfaces
#show cdp neighbors
#show cdp neighbors detail
#show interfaces
Rebuilding the small office network (ROUTER)
- Beginning: wipe out configs
#write erase (nvram)
#erase startup-config
- Security: passwords and banner
#enable password ()
#enable secret ()
#line vty 0 4 / console 0 / aux 0
#password ()
#login
#banner motd )
+++++++++++++++++++++++++++++
Do not log on
+++++++++++++++++++++++++++++
)
#service password-encryption
- Cosmetics: name, work environment
#hostname ()
#line con 0 / line vty 0 4
#logging synchronous
#line con 0
#no exec-timeout or exec-timeout 0 0 (default 300 sec)
#no ip domain-lookup
- Interfaces: identify, IP, speed, duplex, descriptions
#alias exec s show ip int brief
#int Ethernet 0/0
#ip address 192.168.1.10 255.255.255.0
#no shut
#duplex full
#show int description ()
- Routing: default (Internet), RIP (internal)
#router rip
#version 2
#network 192.168.1.1 (to advertise that network)
#ip route 0.0.0.0 0.0.0.0 68.110.171.97 (ISP address) (Internet)
Note: the redistribute static command will forward/advertise the static route to all routers in RIP
#router rip
#redistribute static
- Verify and backup: CDP, TFTP, show ip route / interfaces
#show cdp neighbors
#show cdp neighbors detail
#show interfaces
#copy running-config tftp://192.168.1.50/r3-confg.txt
Understanding VLANs
VLAN Foundations
- Logically groups users
- Segments Broadcast Domains
- Subnet Correlation
- Access Control
- Quality of service
The Normal Switching World
- One collision Domain per port
- Broadcasts sent to all ports
- One subnet per LAN
- Very Limited access Control
The Flexibility of VLANs
- Segmentation of users without routers
- No longer limited to physical location
- Tighter control of broadcasts
Understanding Trunks and VTP
The Trunk Language: 802.1Q
What is Trunking?
- Trunking (AKA tagging) passes multi-VLAN information between switches
- Places VLAN information into each frame
- Layer 2 feature
Note: the native VLAN is always untagged
VOMIT (Voice over Misconfigured IP Telephony): a hacking program used to hack IP telephones.
VTP (VLAN Trunking Protocol), or one could call it VRP (VLAN Replication Protocol)
- 0/1-4096 VLAN numbers
VTP Modes
SERVER (Default)
- Power to change VLAN information
- Sends and Receives VTP updates
- Saves VLAN configuration
CLIENT
- Can’t change VLAN Information
- Sends and Receives VTP updates
- Doesn’t Save VLAN configuration
TRANSPARENT
- Power to change VLAN Information
- Forwards (Passes Through) VTP updates
- Doesn’t listen to VTP advertisements
- Saves VLAN configuration
VLAN PRUNING
- Keeps unnecessary broadcast traffic from crossing trunk links
- Only works on VTP servers
Configuring VLANs and VTP
S2#int vlan 1
S2#ip address 192.168.1.11 255.255.255.0
S2#no shut
S3#int vlan 1
S3#ip address 192.168.1.12 255.255.255.0
S3#no shut
Step 1: Configure Trunks
S1(3550)#int fa 0/11
S1#switchport trunk encapsulation dot1q
S1#switchport mode trunk
S1#int fa 0/12
S1#switchport trunk encapsulation dot1q
S1#switchport mode trunk
S1#int range fa 0/1 - 10
S1#switchport mode access
S1#int range fa 0/13 - 23
S1#switchport mode access
S2(2950)#int fa 0/1
S2#switchport mode trunk
S2#int range fa 0/2 - 24
S2#switchport mode access
S3(2950)#int fa 0/1
S3#switchport mode trunk
S3#int range fa 0/2 - 24
S3#switchport mode access
-#sh int trunk
-#sh int fa 0/1 switchport
-#sh run int fa 0/1
Step 2: Configure VTP
#show vtp status
- Domain name
- Password
- Mode
S1#vtp domain Nuggetworld (case sensitive & automatically replicated to the other switches)
S1#vtp password cisco
S1#vtp mode (default, i.e. server)
S2#vtp mode client
S3#vtp mode client
Step 3: Configure VLANs
S1#vlan 10
S1#name sales
S1#vlan 20
S1#name marketing
S1#vlan 30
S1#name engineering
Step 4: Assign ports to VLANs
S3#int fa 0/8
S3#switchport access vlan 10
S2#int fa 0/8
S2#switchport access vlan 10
Or, for routing:
S2#switchport access vlan 20
Three methods to route between VLANs
S1#int vlan 20
S1#ip address 192.168.20.1 255.255.255.0
S1#ip routing
Router-on-a-stick works
- Router physical interface divided into subinterfaces
- Switchport connecting to the router set up as a trunk
- Router's subinterfaces assigned a specific VLAN tag
R2#int fa 0/0.20
R2#encapsulation dot1Q 20
R2#ip address 192.168.20.1 255.255.255.0
R2#int fa 0/0.10
R2#encapsulation dot1Q 10
R2#ip address 192.168.10.1 255.255.255.0
Note: on Ethernet the max packet is 1500 bytes; a "baby giant" is 1504 (tagging)
S3#int fa0/4
S3#switchport mode trunk
R1#ip route 192.168.20.0 255.255.255.0 192.168.1.2
Understanding STP
An Ideal Design: switch layers
- Core: backbone of the network
- Distribution: where major segmentation happens (modules, services, server farm)
- Access: where devices plug in to the network
-The layered approach allows for easy, manageable growth.
-EtherChannel can provide more bandwidth on key links.
-Redundant connections eliminate a single point of failure.
Redundancy
- Switches forward broadcast packets out all ports by design
- Redundant connections are necessary in business networks
- The place of spanning tree: drop trees on redundant links (until they are needed)
Facts about Spanning Tree
- The original STP (802.1D) was created to prevent loops
- Switches send "probes" into the network, called Bridge Protocol Data Units (BPDUs), to discover loops
- The BPDU probes also help elect the core switch of the network, called the Root Bridge
- The simplistic view of STP: all switches find the best way to reach the Root Bridge, then "block" all redundant links
Understanding BPDUs and Elections
Three port types:
-Root port: used to reach the root bridge
-Designated port: forwarding port, one per link
-Blocking/non-designated port: where the tree fell
-Bridge ID = Priority.MAC address
-Every switch has a default priority value of 32768
-The lowest priority/MAC is best: that switch gets elected as Root Bridge
How STP finds the best path
Step 1: Elect the root
Step 2: Switches find the lowest-cost path to the root
Link bandwidth | Cost
10 Mbps | 100
100 Mbps | 19
1 Gbps | 4
10 Gbps | 2
Configuring basic STP
Configuring and Testing STP
S1#show spanning-tree
S1#spanning-tree vlan 1 root primary (this command forcefully decreases the priority value and makes that switch the root bridge)
Or
S1#spanning-tree vlan 1 priority <value> (this command manually sets the priority value and makes that switch the root bridge)
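The election and path selection of the "Understanding BPDUs and Elections" and "How STP finds the best path" sections carried out in code: the lowest Bridge ID (priority first, then MAC) becomes the root, every other switch takes the lowest-cost path to it using the cost table above, and `root primary` is emulated by lowering a switch's priority. This is an added example, not from the notes; the switch names, MACs and topologies are constructed, and the tie-break on the upstream neighbour's Bridge ID and the 24576 / root-minus-4096 rule for `root primary` come from STP and IOS behaviour, not from the page.

```python
import heapq

# Port cost per link bandwidth, from the table above (Mbps -> cost).
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Bridge ID = priority.MAC; lower wins, priority compared before MAC."""
    return (priority, mac.lower())


def elect_root(switches):
    """switches: name -> (priority, mac). The lowest Bridge ID becomes the Root Bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_paths(switches, links, root):
    """Step 2: every switch finds its lowest-cost path to the root (Dijkstra over the
    port costs). Equal costs are broken by the lower Bridge ID of the upstream
    neighbour, as STP does. links: (switch_a, switch_b, bandwidth_mbps)."""
    adj = {name: [] for name in switches}
    for a, b, mbps in links:
        adj[a].append((b, STP_COST[mbps]))
        adj[b].append((a, STP_COST[mbps]))
    best = {root: (0, None)}                      # name -> (cost, upstream neighbour)
    heap = [(0, bridge_id(*switches[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                                # stale heap entry
        for nbr, link_cost in adj[node]:
            if nbr == root:
                continue
            candidate = (cost + link_cost, bridge_id(*switches[node]))
            current = best.get(nbr)
            if current is None or candidate < (current[0], bridge_id(*switches[current[1]])):
                best[nbr] = (candidate[0], node)
                heapq.heappush(heap, (candidate[0], bridge_id(*switches[node]), nbr))
    return {name: {"cost": cost, "root_port_toward": via} for name, (cost, via) in best.items()}


def root_primary(switches, name):
    """Emulates 'spanning-tree vlan 1 root primary': lower this switch's priority so it
    wins the election. IOS uses 24576, or 4096 below the current root's priority if
    that root is already at 24576 or lower. Mutates `switches`; returns the new root."""
    current_priority = switches[elect_root(switches)][0]
    new_priority = 24576 if current_priority > 24576 else current_priority - 4096
    switches[name] = (new_priority, switches[name][1])
    return elect_root(switches)
```

With three switches at the default priority, the one with the lowest MAC wins, and a switch reachable over two 100 Mbps hops (cost 38) prefers that path to a direct 10 Mbps link (cost 100), which is why the direct link ends up blocked.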
Enhancements to STP
Problems with STP
Problems and solutions
- Problem with PCs: modern PCs can boot faster than 30 seconds
Solution: PortFast
Switch(config-if)#spanning-tree portfast
- Problem with uplink ports: 50 seconds of down time causes big problems
Solution: Rapid Spanning Tree
Initial STP Enhancement: PVST+
- Runs an instance of STP per VLAN (by default runs on every switch)
- Allows a different Root Bridge per VLAN
Rapid STP
- 802.1w
- Proactive system
- Redefined port roles
- Many STP similarities
RSTP improves performance
-Root port: used to reach the root bridge
-Designated port: forwarding port, one per link
-Alternate port: discarding port, backup path to the root
Configuring and Testing RSTP
S1#spanning-tree mode rapid-pvst
S3#int fa 0/
S3#spanning-tree portfast
S2#int fa 0/
S2#spanning-tree portfast
Switching Troubleshooting and Security
Troubleshooting a switched network
- Get familiar with the network
- Absolutely have an accurate network diagram
- Work logically, from the bottom up (OSI)
Common Troubleshooting Issues
Switch Security is Essential
-Most security focus is around the network perimeter
-Switch security checklist:
#logging buffered 64000
#show log
-Kiwi Syslog (software for a PC onto which the router/switch log output can be recorded/saved)
#logging <IP address of the Kiwi Syslog machine>
#spanning-tree bpduguard
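A checklist like the one above is easiest to keep honest by running it over the config. The audit below scans a running-config for the weaknesses the "Configuring switch security" section and the rebuild sections touch on: `enable password` without `enable secret`, clear-text and type 7 passwords (the ones the notes say a password cracker breaks easily), missing `service password-encryption`, plain HTTP management, `exec-timeout 0 0` / `no exec-timeout`, and VTY lines that still accept telnet instead of `transport input ssh`. This is an added example, not from the notes; both config fragments are constructed (the type 7 string is a placeholder, not a real encoding) and the finding codes are this example's own.

```python
import re

# Constructed running-config fragment in the style of the "Rebuilding the small office
# network" sections; the type 7 string is a placeholder, not a real encoding.
WEAK_CONFIG = """\
hostname SW1
enable password cisco
username admin privilege 15 password 0 Cisco
ip http server
!
line con 0
 exec-timeout 0 0
 password 7 CONSTRUCTED-TYPE7-STRING
 login
line vty 0 4
 password cisco
 login local
 transport input telnet ssh
"""

# The same device after applying the checklist (hash strings are placeholders).
HARDENED_CONFIG = """\
hostname SW1
service password-encryption
enable secret 5 $CONSTRUCTED-HASH$
username admin privilege 15 secret 5 $CONSTRUCTED-HASH$
ip http secure-server
line con 0
 exec-timeout 30 0
 login local
line vty 0 4
 exec-timeout 30 0
 login local
 transport input ssh
"""

PASSWORD_RE = re.compile(r"\bpassword (?:([0-9]) )?(\S+)$")


def parse_sections(config: str):
    """Group an IOS config into (header, [sub-commands]) using IOS's one-space indent;
    global commands become headers with an empty body."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config: str):
    """Return (code, location, advice) findings for the weak settings the notes warn about."""
    sections = parse_sections(config)
    headers = [h for h, _ in sections]
    findings = []
    if any(h.startswith("enable password ") for h in headers) and \
            not any(h.startswith("enable secret ") for h in headers):
        findings.append(("ENABLE_PASSWORD_ONLY", "global", "use 'enable secret' (hashed) instead"))
    if "service password-encryption" not in headers:
        findings.append(("NO_PASSWORD_ENCRYPTION", "global", "add 'service password-encryption'; better, use 'secret' forms"))
    if "ip http server" in headers and "ip http secure-server" not in headers:
        findings.append(("HTTP_CLEARTEXT", "global", "use 'ip http secure-server' and drop 'ip http server'"))
    for header, body in sections:
        for cmd in [header] + body:
            m = PASSWORD_RE.search(cmd)
            if m:
                ptype = m.group(1) or "0"           # no type digit means clear text
                if ptype == "7":
                    findings.append(("TYPE7_PASSWORD", header, "type 7 is reversible; use a 'secret'"))
                elif ptype == "0":
                    findings.append(("CLEARTEXT_PASSWORD", header, "password stored in clear text"))
        if header.startswith("line ") and any(c in ("exec-timeout 0 0", "no exec-timeout") for c in body):
            findings.append(("NO_EXEC_TIMEOUT", header, "idle sessions never close; set e.g. 'exec-timeout 30 0'"))
        if header.startswith("line vty"):
            transports = [c for c in body if c.startswith("transport input")]
            if not transports or any(c != "transport input ssh" for c in transports):
                findings.append(("TELNET_ALLOWED", header, "restrict to 'transport input ssh'"))
    return findings
```

`audit(WEAK_CONFIG)` reports nine findings, three of them clear-text passwords on different lines, while `audit(HARDENED_CONFIG)` returns an empty list; the same function can be pointed at a `show running-config` capture saved from the TFTP backup step.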
Understanding basic VLSM (variable length subnet mask)
-Start with the largest subnet
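The "start with the largest subnet" rule above as a working allocator: requirements are sorted largest first, each subnet is sized for its hosts plus the network and broadcast IDs, and each is carved from the tightest-fitting free block at the lowest address. This is an added example, not from the notes; the function name and the sample requirements are constructed.

```python
import ipaddress


def bits_needed(count):
    """Smallest number of bits b with 2**b >= count."""
    bits = 0
    while 2 ** bits < count:
        bits += 1
    return bits


def vlsm_allocate(base, requirements):
    """requirements: {name: hosts_needed}. Allocates the largest subnet first (the rule
    in the notes), each sized for hosts + network ID + broadcast ID, taking the
    tightest-fitting free block at the lowest address so no space is wasted between
    subnets. Returns ({name: 'network/prefix'}, [free blocks left over])."""
    free = [ipaddress.ip_network(base, strict=False)]
    allocations = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = 32 - bits_needed(hosts + 2)
        candidates = [blk for blk in free if blk.prefixlen <= prefix]
        if not candidates:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {base}")
        # tightest fit first (longest prefix), then lowest address
        block = min(candidates, key=lambda blk: (-blk.prefixlen, int(blk.network_address)))
        chosen = next(block.subnets(new_prefix=prefix))     # lowest piece of that block
        free.remove(block)
        free.extend(block.address_exclude(chosen))          # hand the remainder back
        free.sort(key=lambda blk: int(blk.network_address))
        allocations[name] = str(chosen)
    return allocations, [str(blk) for blk in free]
```

For 192.168.1.0/24 with sales (100 hosts), engineering (50), management (20) and a router link (2), the allocator hands out a /25, a /26, a /27 and a /30 back to back and reports the three leftover blocks; asking for 200 and then 100 hosts in the same /24 raises, since the first request consumes the whole block.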
Distance vector vs. Link state routing
protocols
OSPF Concepts
OSPF configuration and troubleshooting
EIGRP concepts and configuration
Rules of the ACL
Configuring ACL
3 styles of NAT
Command-line NAT configuration
Concepts of VPN Technology
Implementing PPP Authentication
Understanding Frame Relay
Configuring Frame Relay